internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3934d9e08c1bf1045b14329c14c5e323cee2990
awx-operator/roles/mesh_ingress/templates/statefulset.yml.j2
Hao Liu d3934d9e08 Able to deploy mesh ingress node 
TODO: register instance after creation

dependent on API/CLI change
2024-01-18 15:38:18 -05:00

58 lines
2.3 KiB
Django/Jinja
Raw Blame History

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ ansible_operator_meta.name }}
namespace: {{ ansible_operator_meta.namespace }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ ansible_operator_meta.name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ ansible_operator_meta.name }}
spec:
containers:
- args:
- /bin/sh
- -c
- |
internal_hostname={{ ansible_operator_meta.name }}
external_hostname={{ external_hostname }}
receptor --cert-makereq bits=2048 commonname=$internal_hostname dnsname=$internal_hostname dnsname=$external_hostname nodeid=$internal_hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes
exec receptor --config /etc/receptor/receptor.conf
image: '{{ _control_plane_ee_image }}'
imagePullPolicy: '{{ _image_pull_policy }}'
name: {{ ansible_operator_meta.name }}-mesh-ingress
volumeMounts:
- mountPath: /etc/receptor/receptor.conf
name: {{ ansible_operator_meta.name }}-receptor-config
subPath: receptor.conf
- mountPath: /etc/receptor/tls/ca/mesh-CA.crt
name: {{ ansible_operator_meta.name }}-receptor-ca
readOnly: true
subPath: tls.crt
- mountPath: /etc/receptor/tls/ca/mesh-CA.key
name: {{ ansible_operator_meta.name }}-receptor-ca
readOnly: true
subPath: tls.key
- mountPath: /etc/receptor/tls/
name: {{ ansible_operator_meta.name }}-receptor-tls
restartPolicy: Always
schedulerName: default-scheduler
serviceAccount: {{ ansible_operator_meta.name }}
volumes:
- name: {{ ansible_operator_meta.name }}-receptor-tls
- name: {{ ansible_operator_meta.name }}-receptor-ca
secret:
defaultMode: 420
secretName: {{ deployment_name }}-receptor-ca
- configMap:
defaultMode: 420
items:
- key: receptor_conf
path: receptor.conf
name: {{ ansible_operator_meta.name }}-receptor-config
name: {{ ansible_operator_meta.name }}-receptor-config
Reference in New Issue View Git Blame Copy Permalink